On February 17th, 2020, the Rize Cybersecurity and Data Privacy UCITS ETF (CYBR) began trading on the London Stock Exchange. CYBR seeks to invest in companies on the front lines of protecting the networks, data and hardware across the globe from cyber-attacks, DDoS attacks, phishing, malware and other malicious activities.
The world of cybersecurity is not only full of terrifying stories, but it is also complex and intimidating. It is an industry that, for a newbie, requires a healthy dose of technical knowledge to properly wrap one’s head around. Worse, it’s constantly evolving, changing and expanding, which creates challenges for organisations and security professionals alike. In this piece, we unpack the key terms used by the industry in order to gain an understanding of what the security landscape looks like in a digital age.
What is cybersecurity?
Cybersecurity is the practice of defending systems, networks, programmes, devices and data from malicious cyber-attacks. Effective cybersecurity consists of technologies, processes and controls that focus on protecting computer systems from unauthorised access, or from being otherwise damaged or made inaccessible. A comprehensive cybersecurity programme must have multiple layers of protection. In an organisation, the people, processes and technology must all complement one another to create a robust defence architecture. In recent times, fully integrated threat management systems have become common, which help accelerate key cybersecurity functions such as detection, investigation and remediation.
What are cyber-attacks?
A cyber-attack is an assault launched by a cybercriminal using one or more computers against one or more computer systems. Cyber-attacks are usually aimed at accessing (and selling), changing, or destroying sensitive information; extorting money from users; or interrupting normal business processes. Cyber-attacks generally take one of three forms:
- Cybercrime includes single actors or groups targeting systems for financial gain or to cause disruption
- Cyberwarfare often involves politically motivated information gathering
- Cyberterror is intended to undermine electronic systems to cause panic or fear
Cyber-attacks affect all industries, regardless of size. The industries that reported the most cyber-attacks in recent years are healthcare, manufacturing, finance, and government. Some of these sectors are more appealing to perpetrators because of their exposure to valuable financial and medical data; however, all businesses that use networks can be targeted for customer data, corporate espionage or illicit gains.
Types of cyber-attacks
Cybercriminals use a variety of methods to carry out their cyber-attacks. These include malware, phishing, Denial-of-Service attacks, Man-in-the-Middle attacks, drive-by attacks, SQL injections, and zero-day exploits.
Malware is a term used to describe malicious software such as ransomware, spyware, adware, viruses, infectors and worms. Malware attacks use code designed to act stealthily on a compromised computer system without the consent of the user. Typically, the attack breaches a network through a vulnerability, such as when a user clicks on a dangerous link or email attachment, which then installs the malicious software. Ransomware is the most common type of malware. It is found in 39% of malware-related data breaches, according to Verizon’s 2018 Data Breach Investigations Report. The report also highlights that ransomware has become so commonplace that would-be criminals now have access to off-the-shelf toolkits that allow them to create and deploy ransomware in a matter of minutes.
For example, in May 2017, the now infamous “WannaCry” ransomware worm spread like wildfire across the globe in what was dubbed the worst cyber-attack in history. The attack targeted computers running Microsoft Windows, by infecting and encrypting files on the PC’s hard drive (in turn making them impossible to access), and then demanding a ransom payment (in bitcoins!) in order to decrypt them.
Phishing is the practice of sending fraudulent communications that appear to come from a reputable source, generally via email. The attacker’s objective is to steal sensitive data such as login credentials and credit card numbers, or to install malware on the victim’s machine. In recent years, phishing has begun to take more specific forms, such as spear phishing (phishing that appears to come from a trusted sender), whaling (phishing by impersonating a CEO/CIO), clone phishing (phishing using a cloned, previously-delivered email), vishing (phishing by phone) and smishing (phishing by SMS).
For example, in December 2015, the Ukrainian power grid was attacked by Russian cyberintelligence operatives using email phishing as the primary attack vector. The attack originated with a single mistake by a power plant employee, who installed malicious firmware. The firmware was used to gain access to the power plant’s data and facilities, compromise the information systems of three energy distribution companies in Ukraine, and temporarily disrupt the electricity supply to end consumers. The attack is considered to be the first known successful cyber-attack on a power grid.
Denial-of-Service (DoS) attack
In a Denial-of-Service (DoS) attack, an attacker floods systems, servers or networks with traffic to exhaust resources and bandwidth, resulting in a breakdown of service (or denial of service). In a Distributed Denial-of-Service (DDoS) attack, which is equally common, the attack is launched from a large number of host machines that have been infected with malicious software controlled by the attacker. Unlike other types of attacks, DoS and DDoS attacks do not provide direct benefits to the attacker, outside of the pleasure of denying service. However, they have been seen in business-to-business ‘competition warfare’, where one company is trying to gain the upper hand over another.
Man-in-the-Middle (MitM) attack
A Man-in-the-Middle (MitM) attack occurs when an attacker inserts themselves into a two-party communication. Once the attacker intercepts the traffic, they can filter and steal data. The most common point of entry for MitM attacks is an unsecured public Wi-Fi network. An attacker will set up a Wi-Fi connection with a legitimate-sounding name, and all they need to do is wait for someone to connect; they can then intercept the connected device’s traffic.
Drive-by attacks target users through their internet browser, installing malware on their computer as soon as they land on an infected webpage. These attacks can also occur where a user visits a legitimate webpage that has been compromised, either by infecting the user directly or by redirecting them to another, legitimate-looking webpage that has been compromised.
A SQL injection, or Structured Query Language injection, occurs when an attacker inserts malicious SQL into a query that a server executes (SQL is a domain-specific language for databases), forcing the server to reveal information it normally would not. SQL injections only succeed when a security vulnerability exists in the application that builds the query.
Zero-day exploits are cyber-attacks that occur on the same day a particular weakness in a piece of software is discovered. Essentially, the vulnerability is exploited before a fix is made available by the software creators.
What is social engineering?
Social engineering is a factor in virtually all cyber-attacks. Social engineering is the psychological manipulation of people into performing actions or divulging confidential information such as personal or banking details. Almost every single cyber-attack will, at some stage, require a human to be tricked into doing something. Cybercriminals use social engineering tactics because it is easier to exploit a person’s natural inclination to trust than to find ways to hack their software. For example, it is much easier to trick someone into giving up their password than it is to try to crack their password (unless the password is really weak). The information gained from social engineering attacks is usually copied and used to perpetrate crimes such as identity theft and financial fraud.
What should you do right now?
Since no post would be complete without a couple of cybersecurity tips, here are a few best practices we follow at Rize.
- Always use strong passwords, change them regularly, and don’t share them with anyone
- Make sure you keep your operating system, browser, and other critical software up to date by installing all of the latest patches
- Maintain an open dialogue with your friends, family, and colleagues about internet safety
- Review your privacy settings on a regular basis, and limit the amount of personal information you are putting online
- Be cautious about online offers – if it sounds too good to be true, it probably is
Sources
- REI Search, Computer Science Initiative, “Cybersecurity and Privacy with Francesca Bosco: A New Threat”, 2019. Available at: https://reisearch.eu/forum/4-cybersecurity-and-privacy/19-cybersecurity-and-privacy-with-francesca-bosco-a-new-threat
- Cisco, “Security that works together”, 2019. Available at: https://www.cisco.com/c/en_uk/products/security/threat-response.html
- Kaspersky, “What is Cyber-Security?”, 2019. Available at: https://www.kaspersky.co.uk/resource-center/definitions/what-is-cyber-security
- Verizon, “2018 Data Breach Investigations Report”, 2018, p. 3. Available at: https://enterprise.verizon.com/resources/reports/DBIR_2018_Report_execsummary.pdf
- Symantec, “What you need to know about the WannaCry ransomware”, October 2017. Available at: https://www.symantec.com/blogs/threat-intelligence/wannacry-ransomware-attack
- Wired, “New Clues Show How Russia’s Grid Hackers Aimed for Physical Destruction”, September 2019. Available at: https://www.wired.com/story/russia-ukraine-cyberattack-power-grid-blackout-destruction/
- IT Governance, “The 5 most common cyber-attacks in 2019”, May 2019. Available at: https://www.itgovernance.co.uk/blog/different-types-of-cyber-attacks